{
	"id": "cc07006b-9d20-43fb-8c0c-d27ac730606d",
	"created_at": "2026-04-06T00:17:33.461422Z",
	"updated_at": "2026-04-10T03:21:49.331711Z",
	"deleted_at": null,
	"sha1_hash": "031a93cf1efd2dca58726fa9fcc98edbec6fbde6",
	"title": "What's in a VIB?",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 42672,
	"plain_text": "What's in a VIB?\r\nBy Kyle Gleed\r\nPublished: 2011-09-13 · Archived: 2026-04-05 23:03:50 UTC\r\nIntroduction\r\nWith the release of vShere 5.0 and the introduction of the new ESXi Image Builder CLI there’s naturally been a\r\ngood deal of interest in how to create and maintain custom ESXi images.  Although I’ve always understood a\r\n“VIB” to be the basic building block of an ESXi image, I’ve never really understood what exactly a VIB is. \r\nHowever, the more I work with vSphere 5.0 the more I have come realize that to be successful I need more than a\r\ncursory knowledge of VIBs.  It’s important to understand the make up of a VIB, how VIBs are created, and how\r\nVIBs are packaged and distributed.  As such I thought it would be good to write a blog post discussing the elusive\r\nESXi “VIB”.\r\nAbout VIBs\r\nVIB stands for vSphere Installation Bundle.  At a conceptual level a VIB is somewhat similar to a tarball or ZIP\r\narchive in that it is a collection of files packaged into a single archive to facilitate distribution.  If we look under\r\nthe covers we will find that a VIB is comprised of three parts:\r\nA file archive\r\nAn XML descriptor file\r\nA signature file\r\nThe file archive, also referred to as the VIB payload, contains the files that make up the VIB.  When a VIB is\r\nadded to an ESXi image, the files in the VIB payload will be installed on the host.  When a VIB is removed from\r\nan ESXi image these files are removed. \r\nThe XML descriptor file describes the contents of the VIB.  Included with the description is important\r\ninformation about the requirements for installing the VIB, to include any dependencies, any compatibility issues,\r\nand whether the VIB can be installed without rebooting.\r\nThe signature file is an electronic signature used to verify the level of trust associated with the VIB.  The\r\nacceptance level not only helps protect the integrity of the VIB, but it also identifies who created the VIB and the\r\namount of testing and verification that has been done. There are four acceptance levels:\r\nVMwareCertified:  VIBs created and tested by VMware.  VMware Certified VIBs undergo thorough\r\ntesting by VMware.\r\nVMwareAccepted:  VIBs created by a VMware partners that are approved by VMware.  VMware relies\r\non partners to perform the testing, but VMware verifies the results.\r\nhttps://blogs.vmware.com/vsphere/2011/09/whats-in-a-vib.html\r\nPage 1 of 3\n\nPartnerSupported:  VIBs created and tested by a trusted VMware partner.  The partner performs all\r\ntesting.  VMware does not verify the results.\r\nCommunitySupported:  VIBs created by individuals or partners outside of the VMware partner program. \r\nThese VIBs do not undergo any VMware or trusted partner testing and are not supported by VMware or its\r\npartners. \r\nAll VMware and partner supported VIBs must be signed by a VMware trusted authority, this helps ensure the\r\nsecurity of the VIB by preventing any unauthorized tampering of its contents.   Community supported VIBs do not\r\nneed to be signed, but they are still required to have an empty signature file.  Be careful when using\r\nCommunitySupported VIBs as their contents are not tested, monitored or controlled. \r\nCoinciding with the VIB acceptance levels, ESXi Image Profiles also have an acceptance level.  When the image\r\nis created it is assigned one of the four acceptance levels.  Any VIBs added to the image must be at the same\r\nacceptance level or higher.  This helps ensure that non-supported VIBs don’t get mixed in with supported VIBs\r\nwhen creating and maintaining ESXi images.\r\nHow are VIBs created and distributed?\r\nVMware provides its partners with software tools they can use to create VIBs.  Once VIBs are created they are\r\npackaged into one of two user consumable formats.  \r\nIndividual VIBs\r\nVendors can publish individual VIBs.  Users can use the ESXCLI command to add and remove individual VIBs\r\nto/from their ESXi hosts.  However, distributing individual VIBs has a major drawback – the only user-level tool\r\nthat supports working with individual VIBs is the ESXCLI command. Update Manager and Image Builder cannot\r\nwork with individual VIBs as they require additional metadata that only comes when VIBs are added to a software\r\nbundle. \r\nSoftware bundle/depot\r\nVIBs are more often distributed as part of a software bundle.  Software Bundles include additional metadata that\r\nallows the VIBs to be managed not only with the ESXCLI command, but also with Update Manager and the\r\nImage Builder CLI.  Software bundles can be distributed as a ZIP archive that users download (referred to as an\r\noffline bundle or offline depot), or they can be hosted on a web server and accessed remotely using HTTP/FTP\r\n(referred to as an online bundle or online depot).\r\nHow do I add or remove VIBs from an active ESXi host?\r\nYou can use the ESXCLI command to interactively query and manage the VIBs installed on a host.  In addition,\r\nyou can also import a software bundle into Update Manager and use it to manage the VIBs installed on the host. \r\nHow do I create a custom ESXi 5.0 image that I can use to install new hosts?\r\nTo create a custom ISO image that can be used to install new ESXi hosts you will need to use the ESXi Image\r\nBuilder CLI.  The Image Builder CLI is bundled as part of the vSphere PowerCLI and provides several commands\r\nhttps://blogs.vmware.com/vsphere/2011/09/whats-in-a-vib.html\r\nPage 2 of 3\n\n(referred to as cmdlets) that can be used to modify the VIBs that make up an ESXi Image profile, which can then\r\nbe saved as ISO image.  \r\nThe typical workflow involves:\r\n1. Download the default ESXi offline bundle from VMware.\r\n2. Downloading any additional offline bundle(s) from any partners or 3rd\r\n party vendors.\r\n3. Use the Image Builder CLI to combine the vendor VIBs together with the VIBs provided by VMware.\r\n4. Save/Export the resultant Image Profile as a custom ISO file.\r\n5. Use the custom ISO to install new ESXi hosts.\r\nConclusion\r\nAs you can see there is a lot that goes into the making of a VIB, and while most of us will never actually create a\r\nVIB it is helpful to understand the underlying components.  Of particular importance are the VIB’s XML\r\ndescriptor file, as this is where we find information about any dependencies or compatibility requirements, and the\r\nVIB acceptance level as this is how we now if a VIB is supported.  In addition, it’s important to understand the\r\ndistribution format of the VIB as different tools (i.e. ESXCLI, Update Manager, Image Builder) have different\r\nrequirements. \r\nDiscover more from VMware Cloud Foundation (VCF) Blog\r\nSubscribe to get the latest posts sent to your email.\r\nSource: https://blogs.vmware.com/vsphere/2011/09/whats-in-a-vib.html\r\nhttps://blogs.vmware.com/vsphere/2011/09/whats-in-a-vib.html\r\nPage 3 of 3",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://blogs.vmware.com/vsphere/2011/09/whats-in-a-vib.html"
	],
	"report_names": [
		"whats-in-a-vib.html"
	],
	"threat_actors": [],
	"ts_created_at": 1775434653,
	"ts_updated_at": 1775791309,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/031a93cf1efd2dca58726fa9fcc98edbec6fbde6.pdf",
		"text": "https://archive.orkl.eu/031a93cf1efd2dca58726fa9fcc98edbec6fbde6.txt",
		"img": "https://archive.orkl.eu/031a93cf1efd2dca58726fa9fcc98edbec6fbde6.jpg"
	}
}